882b0f99136eccdd6112928dc4c1cfd6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

882b0f99136eccdd6112928dc4c1cfd6_JaffaCakes118
Size

485KB
MD5

882b0f99136eccdd6112928dc4c1cfd6
SHA1

7ce66a6a853f4971574f635b9e004a4cf2ba7002
SHA256

23e529de1409e7d3ce461bcef68bbcfc99101b6b6d3d0884df5363e579d6791b
SHA512

1489240ba980adada02e0a525321af15c25b71e4b0c2b0ec7359a72733064788db230d43342162d4132e4b663b390e860ce022b70ff0a53a3c3ff15f0f470bd5
SSDEEP

3072:+MtnE7Wrsn7JP9Se5CzEzEOgAX97YLwigb2IvSfEvDvkD8PD1:hy7watPUEFgAXZY0iETvAuD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
882b0f99136eccdd6112928dc4c1cfd6_JaffaCakes118

Files

882b0f99136eccdd6112928dc4c1cfd6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

302ff330cc44bf4057d0bccc320eec3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

\\Wta..[3243ujwew]\\\kY0VNfo.pdb

Imports

netapi32

NetLocalGroupDel

gdi32

BitBlt
EndPage
SetTextAlign
CreatePatternBrush

user32

CreateIconIndirect
FlashWindow
DdeEnableCallback
GetSysColor
DdeImpersonateClient
DdeAddData
GetScrollPos
CloseDesktop

clusapi

ClusterRegCloseKey

shlwapi

PathMakeSystemFolderW

ole32

CoLoadLibrary

advapi32

InitializeAcl
CreateRestrictedToken

kernel32

ResumeThread
GetModuleHandleW
_llseek
LCIDToLocaleName
FlushFileBuffers
GetProcessPriorityBoost
GetSystemDefaultLocaleName
SetThreadPreferredUILanguages

powrprof

IsPwrHibernateAllowed

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jnbcf
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

e3WOpn
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

b
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PU=G+
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MkIBj
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T_O
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

302ff330cc44bf4057d0bccc320eec3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

gdi32

user32

clusapi

shlwapi

ole32

advapi32

kernel32

powrprof

Sections

.text Size: 26KB - Virtual size: 25KB

.jnbcf Size: 10KB - Virtual size: 19KB

e3WOpn Size: 22KB - Virtual size: 21KB

b Size: 29KB - Virtual size: 28KB

PU=G+ Size: 30KB - Virtual size: 29KB

MkIBj Size: 32KB - Virtual size: 31KB

T_O Size: 4KB - Virtual size: 3KB

.code Size: 329KB - Virtual size: 328KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 25KB

.jnbcf
Size: 10KB - Virtual size: 19KB

e3WOpn
Size: 22KB - Virtual size: 21KB

b
Size: 29KB - Virtual size: 28KB

PU=G+
Size: 30KB - Virtual size: 29KB

MkIBj
Size: 32KB - Virtual size: 31KB

T_O
Size: 4KB - Virtual size: 3KB

.code
Size: 329KB - Virtual size: 328KB

.rsrc
Size: 2KB - Virtual size: 1KB